| Category | Started On | Completed On | Duration | Cuckoo Version |
|---|---|---|---|---|
| FILE | 2016-11-03 00:17:02.966234 | 2016-11-03 00:19:15.527300 | 132 seconds | 2.0-dev |
| Machine | Label | Manager | Started On | Shutdown On |
|---|---|---|---|---|
| win-xp-sp3 | win-xp-sp3 | VirtualBox | 2016-11-03 00:17:03 | 2016-11-03 00:19:15 |
| File name | APT_military procurement.pdf |
|---|---|
| File size | 91010 bytes |
| File type | PDF document, version 1.7 |
| CRC32 | 51488613 |
| MD5 | cdb6dcf66b7d3c5bc678378f46ba94e7 |
| SHA1 | 401a52e081313eccba1d29383b52b26c5e438a9d |
| SHA256 | f9203c812fd4668ceff53001fab6d79e61a5e6938125a30e69aca5d2ce6e1a8e |
| SHA512 | 10de5d17e173ea0e46dbc9da09a2233cb1c75cde88169545a635def8b70c693425742f7907c0a7a1a70a52e24a8b56b2d73c8cfe44ed52dbeef773408d0f77dd |
| Ssdeep | 1536:40AOB3HN+RNlmABHf9t/ogOXCrg+NZaN9m1Pp6gMBg+NZKSp:40zb+vYABFxDOXCrlNENcANMq |
| PEiD | None matched |
| Yara | None matched |
| VirusTotal | Scan Date: 2015-12-17 11:29:17, Detection Rate: 32/53 |
| File name | 1233705b8e83d408_aum.log |
|---|---|
| File size | 693 bytes |
| File type | ASCII text, with CRLF line terminators |
| MD5 | bfcb160c2c39fa96551cde8c63e307d1 |
| SHA1 | 6f2c13c8074757b9095b5502394d6ef8b1ab3cc5 |
| SHA256 | 1233705b8e83d4088b55159e49f2a9366b01ca79e55ce6b211b88f65a1ae8912 |
| SHA512 | 06e458292d33025c915fe75cc99a757fbe316e05c76bca73af5965696c2380380bda5209e6edff32f60069af78d5f63fe34cc45fbff4e070741a74eb223af213 |
| Ssdeep | 12:pJdBQHjYcfRjnWBxVAPbBB8ReS/UUfh5OJDDxQbVm:pJdBQ/48bBme3UZ5OJhQbVm |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | 2d562790a4ab37ed_a9r8013.tmp |
|---|---|
| File size | 358 bytes |
| File type | PDF document, version 1.6 |
| MD5 | b4f975efe1bd35a1d60f9aceddccf601 |
| SHA1 | 51477dd6aaef83a096db16c3f353860195dea610 |
| SHA256 | 2d562790a4ab37ed4e3c7d0db3d1b8f9538e6035e650f3471b4716b66829b747 |
| SHA512 | d21ecee2859c1bdce166dfd6603ecfc4436a56bd1fb72894e81f7dfe6ed95ad2e2403249e4f11bf830c191d63c5b70ccc897b6082d2fcdb149d1ac6e70c6b755 |
| Ssdeep | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOEmbQGXrg+ZDmbQGXrg+FCSyAAO:IngVMre9T0HQIDmy9g06JX0mbVrgmDmv |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | 0a84bb9fa5c3aa10_adobeupdaterprefs.dat |
|---|---|
| File size | 350 bytes |
| File type | XML 1.0 document, ASCII text |
| MD5 | af9d3cf49218daaf79611f0e217da690 |
| SHA1 | 6cf45202302cbc733918deab0b43304fff6e47e4 |
| SHA256 | 0a84bb9fa5c3aa10f5595a4403e5b50582f8bbf25f300b13629945fc9c7d8644 |
| SHA512 | 5d4cb192c542e986857fd0e1453cab94d9be93a33604ec70429d42d4e3cf7b5cd28f071d52119f02a35b87e1fee87ee95e21dd4dc75e4b242d92fb8f8f86f376 |
| Ssdeep | 6:TMVBdxwleWCEARm5z3a2AY57UBxayt4M0RuJASJ1rAG6FHrpL1sPu1Wn7qjcbN9L:TMHdxyjnWBxV4buJX1UC5G2QpG |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | 3295328e4dc21218_AdobeMissingComps.xml_ |
|---|---|
| File size | 424 bytes |
| File type | XML 1.0 document, ASCII text |
| MD5 | 352d62a70eea8f62c6e07fcd06cce9da |
| SHA1 | 56847537d5da9c9920a20f06f01ec43a811b3384 |
| SHA256 | 3295328e4dc2121800c8c3778f5f76a7e4ecefe6c96cc33b01fd4d55f7f61d33 |
| SHA512 | 8f27dc4d32128937e5854200716afd71591319e2863158f07114adc3160b89f6cb55b0a1f580e8830f829033ad1c6ed830b491de304c2e932ba93335cf6adbcb |
| Ssdeep | 6:TMVBdxww1UgwH0QEHa6Nbv9J1CiSHCq3/K0OMXRVeCpEG1i:TMHdxnOXbuFX1CiECI/K0OMXzeCpEGw |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | 2734c91d590c012c_shareddataevents |
|---|---|
| File size | 3072 bytes |
| File type | SQLite 3.x database |
| MD5 | 46ec71619b08907f88336f072019a7d9 |
| SHA1 | db1dabd70871c52f15e9f2a1b1c0e2e831e62ccb |
| SHA256 | 2734c91d590c012cc83137e1da60cecdc8d42bce639beb8a83d00451bb38f976 |
| SHA512 | 46139079af0886c9e9077457f7d9b92384ed52357610a11b7a6244167f7f9669d3c5ad80e984c8c9836d491c33cf9dbaa84e5eebd27c57231887f427e7e68289 |
| Ssdeep | 12:HLS0qgtO9OiyopOz2VVXet3aQK+GyMFO+rlhurs7qllZ2/nMB4h2:r8Rx/XYKQvGJF7ursClZuMB4c |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | 4d7f480cf854fe56_acecache10.lst |
|---|---|
| File size | 1565 bytes |
| File type | data |
| MD5 | abb1825273c1e859babb41ac8a72af31 |
| SHA1 | b609942e14a3fd142cce39cf68ea47f08e79963c |
| SHA256 | 4d7f480cf854fe56292ba57dc64ebb5242e9641408fe8f6e02e54afadfbb1a7f |
| SHA512 | 269f74daf146522bb5f074bf803d3b22e5c00b0bbc83f2a9df41601d8beddbff97de78df7bdca34482766c9965dcb7b5158acd6b657ccd7391fd81d7c1f1498d |
| Ssdeep | 24:ehkFwRfC0yJrBtkRlxFX5C0yJrK3l9XhqXbx8xqdXhqbFBC0yJrBWlV:e/Rq0yROlY0ysl1heaoVhj0yilV |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | 36de7efc0bfd1ca5_a9r8012.tmp |
|---|---|
| File size | 358 bytes |
| File type | PDF document, version 1.6 |
| MD5 | 589dc0dd46d177d1a4ec029f641d2608 |
| SHA1 | 27c6f1bc37935a4132b4cb4bc3b6d36848eb7a2e |
| SHA256 | 36de7efc0bfd1ca5e3f287e2f8df8d0a65fcc0c5fa16e2b50e3f6192721607a6 |
| SHA512 | 1500d74015ce895e16d30bf0bceda75577c3215ab3dffd960da6d0dbb55009c625548548ed74c841929ddd98569ed3563010a1ecfcf6488341f047ff249222f4 |
| Ssdeep | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOZnAdoCdoDCCSyAAO:IngVMre9T0HQIDmy9g06JXJAdoCdoDCR |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | 468d364bf1f8954a_updater.log |
|---|---|
| File size | 1543 bytes |
| File type | ASCII text, with CRLF line terminators |
| MD5 | c6b7395c8557c10013eab7f8c7b87817 |
| SHA1 | 1a24f2c18c98aa557e9b524100c744f4f59ce5c3 |
| SHA256 | 468d364bf1f8954a68b36564402813be0f67c355444542b867186816ff4326fc |
| SHA512 | a6ff4fd6f6d5eb47f41f5e1f1d57016ebcaa6a1c7120c24afa9e4535000ae04520e2689578a1977f1afefaefcefd4701a842a7ff8921902965f460cdffaef3e6 |
| Ssdeep | 48:0s2SUWHSSrS6hSUWHSSrS+SUWHSSrSb8pxetRfs:0LW5rXW5rbW5rc8pxejs |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | a479dd2807cb9817_ArmUI.ini |
|---|---|
| File size | 163994 bytes |
| File type | Little-endian UTF-16 Unicode text, with CRLF line terminators |
| MD5 | 927e703153e62a1cb9a4437659144bda |
| SHA1 | d293a6eb612b6c3bcddeec698e40dbebb5c61879 |
| SHA256 | a479dd2807cb9817ef3ef7a31f3b7582339785e921b4284e55a1387dc38ec770 |
| SHA512 | 0a1d099fccceadb38c7326a9791da18ddeff069600359b415744ae46641b8f041e4a31b00281a996f54b0991dbdf7bdbd0701f6cb71189afd42c207c4631d228 |
| Ssdeep | 3072:kT4CJ4WTbmKk61NmSTBjDT7lV8MztutF4NVxcCXXYAF5CPD:9EYJ |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | 2a2e0ba33d793244_usercache.bin |
|---|---|
| File size | 9662 bytes |
| File type | data |
| MD5 | 912bc7140ba3596f83450d830b7c9557 |
| SHA1 | 0bae66884a3e091bd6095923d4add3984f3e8db2 |
| SHA256 | 2a2e0ba33d79324445847a0128ca611fcc50c82a3556fa9a1478405f990843d2 |
| SHA512 | e9e45522441f2dfcfb2cd273be300a0b2add972c62f7496326a3fc5c45e4f318ca4d446ae2676360958429e39b91c1a7ee677a95d710d2936d5d48b1854dc3f1 |
| Ssdeep | 96:stIHhqWwdwlvw5SR73kAUVokJUJ0JMSJ81Wkhg28c1qOeN6hLWjAHo+1rOAq8oNs:sHWwdwlvwsR3UVoLpB+OeN6LWwTAAk8 |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | d2f8b9a28940b9a5_adobearm.log |
|---|---|
| File size | 3030 bytes |
| File type | ASCII text, with CRLF, CR line terminators |
| MD5 | 81b4fc2e07e176e9e350c472185bc4f8 |
| SHA1 | 3f3b11d5b302abaa44ab87b0e5a51826159f040b |
| SHA256 | d2f8b9a28940b9a566c24bc5d65f9f3a28b44b55049ea32ab39976bb523d6f91 |
| SHA512 | 12657ad6b6c2002e4f5c95376a219bc0f2fb7120981fa05dc732c602cad57635a178aa3ec8a3f6c4629b1cbdbfd99adde839069fe35ccb1bafedc92ca254153b |
| Ssdeep | 48:ob17Q2eMbJ5d1rogAafH5L1XQmaI7Z5z1DkieM7t521/f38KrzcZ0P:ob1kFmJ5d1sNsH5L1A1aZ5z1A52t521r |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | 226d1c9926375880_d3d9caps.dat |
|---|---|
| File size | 664 bytes |
| File type | data |
| MD5 | cb55ec1dd48909519dcefd9d9c6ef149 |
| SHA1 | 1c67abfcf1d362a32f42014501da960fee7deba5 |
| SHA256 | 226d1c9926375880d590fdb098f0038cbb148edaa171cddb7ddbbfc49b56378f |
| SHA512 | 8ba52cc052fe16c50346fc9daece8a1139527b3fae6b04a7d41c8929f9cdd8f85f556fc9099fa1e0d847d80961830959e2b726d579906dfd5d0feb269fb79f44 |
| Ssdeep | 3:ZllKbllVnIlqQRi5BBl//lHlljlfltl+lp/5tAalB/AMlGM/JlpllDlHl/lotmoK:8b/+Ni///r1aR5tAanDGM/J+I4llCl |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | 0b9a8988ac1040d3_AdobeMissingComps.xml |
|---|---|
| File size | 424 bytes |
| File type | XML 1.0 document, ASCII text |
| MD5 | f98038dbb44643e55457f5a67d97ac6b |
| SHA1 | a8e7197c187ac72b164ed0d4ad2079d25fcaae8e |
| SHA256 | 0b9a8988ac1040d34a8df840c33f2e6c272fc456d1478035543162aaf33a7625 |
| SHA512 | 3ccdb3ffc96c9a835bc15badf860ff19fc9b6ba476270df157cbcbaf4f757402348565bd475110c31c45271912611ae382fd233e0c8abff18127210fe45fa21d |
| Ssdeep | 6:TMVBdxww1UgwH0QEHa60gSJ1CiSHCq3/K0OMXRVeCpEG1i:TMHdxnOXbuL61CiECI/K0OMXzeCpEGw |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | 47f1892c02460c80_aumlib.log |
|---|---|
| File size | 1556 bytes |
| File type | ASCII text, with CRLF line terminators |
| MD5 | 87c8709d1c09879b4c54ea4b3df3d48f |
| SHA1 | 954c4e8d30e01578d26497172ddb939267ac4b75 |
| SHA256 | 47f1892c02460c803a1e47a41de28cf8e7948c46bedd71ab59f1d6597c45e9ae |
| SHA512 | 994be124c3d8dd39435a4dced8e26ccbb10425f77b431bd338d3fa50c713b16861f39f1c32dcb10064841a44610bad3b03891b29a4f82ba75a48196537024eb6 |
| Ssdeep | 24:TJiPih7X54TF8xJXgXQmPYBcJnszhM8XITFT8NPFcvnbFh:TJwiB0W/wX0cJszd2R85Qnb/ |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| Timestamp | Thread | Function | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|---|
| 2016-11-03 00:17:02.961382 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => C:\WINDOWS\system32\kernel32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.072382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.072382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.082382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.082382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.082382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.082382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.082382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.082382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.092382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.092382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.092382 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.092382 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => kernel32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.092382 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.092382 | NtOpenFile |
file_handle => 0x0000006c filepath => \Device\KsecDD desired_access => 0x00100001 filepath_r => \Device\KsecDD open_options => 16 status_info => 0 share_access => 7 |
SUCCESS | |||
| 2016-11-03 00:17:03.092382 | NtOpenFile |
file_handle => 0x00000070 filepath => C:\WINDOWS\system32\wininet.dll desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\WININET.dll open_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.092382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\WININET.dll.123.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\WININET.dll.123.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.092382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\WININET.dll.123.Config desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\WININET.dll.123.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.102382 | LdrLoadDll |
basename => comctl32 module_address => 0x773d0000 flags => 0 module_name => comctl32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.102382 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => kernel32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.102382 | LdrLoadDll |
basename => AcroRd32 module_address => 0x009f0000 flags => 0 module_name => C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.102382 | NtOpenFile |
file_handle => 0x000000a0 filepath => C:\WINDOWS\system32\rpcss.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\rpcss.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-03 00:17:03.112382 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.112382 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.112382 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.112382 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.112382 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.112382 | LdrLoadDll |
basename => Comctl32 module_address => 0x773d0000 flags => 0 module_name => Comctl32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.112382 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => kernel32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.112382 | LdrLoadDll |
basename => BIB module_address => 0x07000000 flags => 0 module_name => C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.112382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.112382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.112382 | LdrLoadDll |
basename => aiodlite module_address => 0x10000000 flags => 0 module_name => C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.112382 | LdrLoadDll |
basename => ADVAPI32 module_address => 0x77dd0000 flags => 0 module_name => C:\WINDOWS\system32\ADVAPI32.DLL |
SUCCESS | |||
| 2016-11-03 00:17:03.112382 | LdrLoadDll |
basename => ieframe module_address => 0x00000000 flags => 0 module_name => C:\WINDOWS\system32\ieframe.dll |
FAILURE | |||
| 2016-11-03 00:17:03.112382 | LdrLoadDll |
basename => acrord32 module_address => 0x009f0000 flags => 0 module_name => c:\program files\adobe\reader 9.0\reader\acrord32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.122382 | LdrLoadDll |
basename => UxTheme module_address => 0x5ad70000 flags => 0 module_name => UxTheme.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.122382 | NtOpenFile |
file_handle => 0x000000b0 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.142382 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.142382 | NtCreateFile |
create_disposition => 2 file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe desired_access => 0x00100001 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe create_options => 16417 status_info => 2 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.142382 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.142382 | NtCreateFile |
create_disposition => 2 file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat desired_access => 0x00100001 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat create_options => 16417 status_info => 2 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.142382 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.142382 | NtCreateFile |
create_disposition => 2 file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0 desired_access => 0x00100001 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0 create_options => 16417 status_info => 2 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.142382 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.142382 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.142382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin create_options => 100 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.162382 | LdrLoadDll |
basename => ole32 module_address => 0x774e0000 flags => 0 module_name => ole32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-03 00:17:03.162382 | LdrLoadDll |
basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | LdrLoadDll |
basename => SETUPAPI module_address => 0x77920000 flags => 0 module_name => SETUPAPI.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | LdrLoadDll |
basename => rpcrt4 module_address => 0x77e70000 flags => 0 module_name => rpcrt4.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000f8 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | NtWriteFile |
buffer => H ¸¸ xW44ëï #Eg‰« ]ˆŠëɟè +H` file_handle => 0x000000f8 offset => 0 |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000f4 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | NtWriteFile |
buffer => H ¸¸ xW44ëï #Eg‰« ]ˆŠëɟè +H` file_handle => 0x000000f4 offset => 0 |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | NtOpenFile |
file_handle => 0x000000fc filepath => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | NtOpenFile |
file_handle => 0x000000fc filepath => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 16 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | NtOpenFile |
file_handle => 0x000000fc filepath => \??\STORAGE#Volume#1&30a96598&0&SignatureEBD7EBD7Offset7E00Length9FF2E4A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\STORAGE#Volume#1&30a96598&0&SignatureEBD7EBD7Offset7E00Length9FF2E4A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | NtOpenFile |
file_handle => 0x000000fc filepath => \??\STORAGE#Volume#1&30a96598&0&SignatureEBD7EBD7Offset7E00Length9FF2E4A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\STORAGE#Volume#1&30a96598&0&SignatureEBD7EBD7Offset7E00Length9FF2E4A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 16 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | NtOpenFile |
file_handle => 0x00000100 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | LdrLoadDll |
basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => SHELL32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | LdrLoadDll |
basename => ole32 module_address => 0x774e0000 flags => 0 module_name => ole32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.162382 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | CoUninitialize | SUCCESS | ||||
| 2016-11-03 00:17:03.172382 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Common Files\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-03 00:17:03.172382 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\Documents and Settings\ardi\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\Documents and Settings\ardi\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | CoUninitialize | SUCCESS | ||||
| 2016-11-03 00:17:03.172382 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\Documents and Settings\ardi\Local Settings\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeComFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeComFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.172382 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:17:03.172382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Adobe\Fonts\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\Fonts\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:17:03.172382 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.172382 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:17:03.172382 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.172382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeSysFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeSysFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.182382 | LdrLoadDll |
basename => gdi32 module_address => 0x77f10000 flags => 0 module_name => gdi32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.182382 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.202382 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.202382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.202382 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.202382 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.202382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.202382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.202382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.202382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.202382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.212382 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CIDFont\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CIDFont\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:17:03.212382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.212382 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.212382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.222382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.232382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\pfm\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\pfm\SY______.PFM create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\Program Files\Common Files\Adobe\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\pfm\SY______.PFM create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\mmm\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\mmm\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:17:03.242382 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.242382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\mmm\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\mmm\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:17:03.252382 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeComFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeComFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.252382 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:17:03.252382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Adobe\Fonts\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\Fonts\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:17:03.252382 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:17:03.252382 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:17:03.252382 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtCreateFile |
create_disposition => 5 file_handle => 0x000000fc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin create_options => 96 status_info => 2 share_access => 0 |
SUCCESS | |||
| 2016-11-03 00:17:03.252382 | NtWriteFile |